Another overhaul of the periodic stuff.
All periodic sub-scripts <larf> now have their return codes interpreted by periodic(8). Output may be masked based on variable values in periodic.conf. It's also now possible to email periodic output to arbitrary addresses, or to send it to a log file, examples of which can be found in newsyslog.conf. The upshot of it all should be no discernable changes to the default behaviour of periodic(8). PR: 21250
parent
cb144e905c
commit
9ed55d1192
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=65843
@ -14,9 +14,9 @@ HOME=/var/log
|
||||
0 * * * * root newsyslog
|
||||
#
|
||||
# do daily/weekly/monthly maintenance
|
||||
59 1 * * * root periodic daily 2>&1 | sendmail root
|
||||
30 3 * * 6 root periodic weekly 2>&1 | sendmail root
|
||||
30 5 1 * * root periodic monthly 2>&1 | sendmail root
|
||||
59 1 * * * root periodic daily
|
||||
30 3 * * 6 root periodic weekly
|
||||
30 5 1 * * root periodic monthly
|
||||
#
|
||||
# time zone change adjustment for wall cmos clock,
|
||||
# does nothing, if you have UTC cmos clock.
|
||||
|
@ -22,6 +22,16 @@ local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
|
||||
|
||||
# Daily options
|
||||
|
||||
# These options are used by periodic(8) itself to determine what to do
|
||||
# with the output of the sub-programs that are run, and where to send
|
||||
# that output. $daily_output might be set to /var/log/daily.log if you
|
||||
# wish to log the daily output and have the files rotated by newsyslog(8)
|
||||
#
|
||||
daily_output="root" # user or /file
|
||||
daily_show_success="YES" # scripts returning 0
|
||||
daily_show_info="YES" # scripts returning 1
|
||||
daily_show_badconfig="NO" # scripts returning 2
|
||||
|
||||
# 100.clean-disks
|
||||
daily_clean_disks_enable="NO" # Delete files daily
|
||||
daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
|
||||
@ -61,7 +71,7 @@ daily_backup_passwd_enable="YES" # Backup passwd & group
|
||||
daily_backup_aliases_enable="YES" # Backup mail aliases
|
||||
|
||||
# 220.backup-distfile
|
||||
daily_backup_distfile_enable="YES" # Backup distfile
|
||||
daily_backup_distfile_enable="YES" # rdist /etc/Distfile
|
||||
|
||||
# 300.calendar
|
||||
daily_calendar_enable="NO" # Run calendar -a
|
||||
@ -113,6 +123,16 @@ daily_local="/etc/daily.local" # Local scripts
|
||||
|
||||
# Weekly options
|
||||
|
||||
# These options are used by periodic(8) itself to determine what to do
|
||||
# with the output of the sub-programs that are run, and where to send
|
||||
# that output. $weekly_output might be set to /var/log/weekly.log if you
|
||||
# wish to log the weekly output and have the files rotated by newsyslog(8)
|
||||
#
|
||||
weekly_output="root" # user or /file
|
||||
weekly_show_success="YES" # scripts returning 0
|
||||
weekly_show_info="YES" # scripts returning 1
|
||||
weekly_show_badconfig="NO" # scripts returning 2
|
||||
|
||||
# 120.clean-kvmdb
|
||||
weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly
|
||||
weekly_clean_kvmdb_days=7 # If not accessed for
|
||||
@ -143,6 +163,16 @@ weekly_local="/etc/weekly.local" # Local scripts
|
||||
|
||||
# Monthly options
|
||||
|
||||
# These options are used by periodic(8) itself to determine what to do
|
||||
# with the output of the sub-programs that are run, and where to send
|
||||
# that output. $monthly_output might be set to /var/log/monthly.log if you
|
||||
# wish to log the monthly output and have the files rotated by newsyslog(8)
|
||||
#
|
||||
monthly_output="root" # user or /file
|
||||
monthly_show_success="YES" # scripts returning 0
|
||||
monthly_show_info="YES" # scripts returning 1
|
||||
monthly_show_badconfig="NO" # scripts returning 2
|
||||
|
||||
# 200.accounting
|
||||
monthly_accounting_enable="YES" # Login accounting
|
||||
|
||||
|
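Review bot: The `*_show_success`, `*_show_info` and `*_show_badconfig` knobs added to the Daily, Weekly and Monthly blocks document return codes 0, 1 and 2 only, while the scripts changed in this same commit also exit with 3 when a command fails. A reader of this file cannot tell how that case is treated; a short comment beside the knobs, for example `# scripts returning 3 (a command failed): see periodic(8)`, would close the gap. Since `daily_show_badconfig` defaults to `"NO"`, the comment block should also say that an enabled check whose prerequisite is missing is presumably masked from the report, because that now covers the passwd/group backup as well.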
@ -14,3 +14,6 @@
|
||||
/var/log/ppp.log 600 3 100 * Z
|
||||
/var/log/security 600 10 100 * Z
|
||||
/var/log/wtmp 644 3 * @01T05 B
|
||||
/var/log/daily.log 640 7 * @T00 Z
|
||||
/var/log/weekly.log 640 5 1 $W6D0 Z
|
||||
/var/log/monthly.log 640 12 * $M1D0 Z
|
||||
|
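Review bot: The three new entries create `/var/log/daily.log`, `/var/log/weekly.log` and `/var/log/monthly.log` with mode 640, which is looser than the 600 used for `/var/log/security` in the context lines just above. When `$daily_output` points at the file, the log receives whatever the daily scripts print, which in this commit includes the passwd and group diffs and, with `daily_status_security_inline` set, the security check output. Unless group read access is intended, `600` would match the existing security log; if it is intended, a comment naming the group expected to read these files would help.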
@ -15,8 +15,18 @@ fi
|
||||
|
||||
case "$daily_clean_disks_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -n "$daily_clean_disks_days" -a -n "$daily_clean_disks_files" ]
|
||||
if [ -z "$daily_clean_disks_days" ]
|
||||
then
|
||||
echo '$daily_clean_disks_enable is set but' \
|
||||
'$daily_clean_disks_days is not'
|
||||
rc=2
|
||||
elif [ -z "$daily_clean_disks_files" ]
|
||||
then
|
||||
echo '$daily_clean_disks_enable is set but' \
|
||||
'$daily_clean_disks_files is not'
|
||||
are misconfigured
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Removing old temporary files:"
|
||||
set -f noglob
|
||||
@ -30,8 +40,15 @@ case "$daily_clean_disks_enable" in
|
||||
print=;;
|
||||
esac
|
||||
|
||||
find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
|
||||
\( $args \) -atime +$daily_clean_disks_days -delete $print
|
||||
rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
|
||||
\( $args \) -atime +$daily_clean_disks_days -delete $print |
|
||||
tee /dev/stderr | wc -l)
|
||||
[ -z "$print" ] && rc=0
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
set -f glob
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
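Review bot: The `elif [ -z "$daily_clean_disks_files" ]` branch contains a bare line `are misconfigured` after the two-line `echo`; the continuation ends on the line before it, so the shell would try to run a command named `are` and put a not-found error into the report. It looks like a leftover from an earlier wording of the message and should be deleted, leaving the `echo` followed directly by `rc=2`. The +/- markers are lost in this rendering, so this assumes the line is on the new side; the old code printed no message in this place at all.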
@ -16,8 +16,12 @@ fi
|
||||
|
||||
case "$daily_clean_tmps_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -n "$daily_clean_tmps_days" ]
|
||||
if [ -z "$daily_clean_tmps_days" ]
|
||||
then
|
||||
echo '$daily_clean_tmps_enable is set but' \
|
||||
'$daily_clean_tmps_days is not'
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Removing old temporary files:"
|
||||
|
||||
@ -33,14 +37,20 @@ case "$daily_clean_tmps_enable" in
|
||||
print=;;
|
||||
esac
|
||||
|
||||
for dir in $daily_clean_tmps_dirs
|
||||
do
|
||||
[ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
|
||||
find -d . -type f $args -delete $print
|
||||
find -d . ! -name . -type d -mtime +$daily_clean_tmps_days \
|
||||
-delete $print
|
||||
} | sed "s,^\\., $dir,"
|
||||
done
|
||||
rc=$(for dir in $daily_clean_tmps_dirs
|
||||
do
|
||||
[ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
|
||||
find -d . -type f $args -delete $print
|
||||
find -d . ! -name . -type d -mtime \
|
||||
+$daily_clean_tmps_days -delete $print
|
||||
} | sed "s,^\\., $dir,"
|
||||
done | tee /dev/stderr | wc -l)
|
||||
[ -z "$print" ] && rc=0
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
set -f glob
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -15,20 +15,39 @@ fi
|
||||
|
||||
case "$daily_clean_preserve_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -n "$daily_clean_preserve_days" -a -d /var/preserve ]
|
||||
if [ -z "$daily_clean_preserve_days" ]
|
||||
then
|
||||
echo '$daily_clean_preserve_enable is set but' \
|
||||
'$daily_clean_preserve_days is not'
|
||||
rc=2
|
||||
elif [ ! -d /var/preserve ]
|
||||
then
|
||||
echo '$daily_clean_preserve_enable is set but /var/preserve' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Removing stale files from /var/preserve:"
|
||||
|
||||
case "$daily_clean_preserve_verbose" in
|
||||
[Yy][Ee][Ss])
|
||||
print=-print;;
|
||||
*)
|
||||
print=;;
|
||||
esac
|
||||
if cd /var/preserve
|
||||
then
|
||||
case "$daily_clean_preserve_verbose" in
|
||||
[Yy][Ee][Ss])
|
||||
print=-print;;
|
||||
*)
|
||||
print=;;
|
||||
esac
|
||||
|
||||
cd /var/preserve &&
|
||||
find . ! -name . -mtime +$daily_clean_preserve_days \
|
||||
-delete $print
|
||||
rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \
|
||||
-delete $print | tee /dev/stderr | wc -l)
|
||||
[ -z "$print" ] && rc=0
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
else
|
||||
rc=3
|
||||
fi
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -15,13 +15,21 @@ fi
|
||||
|
||||
case "$daily_clean_msgs_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -d /var/msgs ]
|
||||
if [ ! -d /var/msgs ]
|
||||
then
|
||||
echo '$daily_clean_msgs_enable is set but /var/msgs' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Cleaning out old system announcements:"
|
||||
|
||||
[ -n "$daily_clean_msgs_days" ] &&
|
||||
arg=-${daily_clean_msgs_days#-} || arg=
|
||||
msgs -c $arg
|
||||
msgs -c $arg && rc=0 || rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -15,8 +15,17 @@ fi
|
||||
|
||||
case "$daily_clean_rwho_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -n "$daily_clean_rwho_days" -a -d /var/rwho ]
|
||||
if [ -z "$daily_clean_rwho_days" ]
|
||||
then
|
||||
echo '$daily_clean_rwho_enable is enabled but' \
|
||||
'$daily_clean_rwho_days is not set'
|
||||
rc=2
|
||||
elif [ ! -d /var/rwho ]
|
||||
then
|
||||
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Removing stale files from /var/rwho:"
|
||||
|
||||
@ -27,7 +36,18 @@ case "$daily_clean_rwho_enable" in
|
||||
print=;;
|
||||
esac
|
||||
|
||||
cd /var/rwho &&
|
||||
find . ! -name . -mtime +$daily_clean_rwho_days -delete $print
|
||||
if cd /var/rwho
|
||||
then
|
||||
rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \
|
||||
-delete $print | tee /dev/stderr | wc -l)
|
||||
[ -z "$print" ] && rc=0
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
else
|
||||
rc=3
|
||||
fi
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -15,8 +15,17 @@ fi
|
||||
|
||||
case "$daily_clean_hoststat_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -n "$daily_clean_hoststat_days" -a -d /var/spool/.hoststat ]
|
||||
if [ -z "$daily_clean_hoststat_days" ]
|
||||
then
|
||||
echo '$daily_clean_hoststat_enable is enabled but' \
|
||||
'$daily_clean_hoststat_days is not set'
|
||||
rc=2
|
||||
elif [ ! -d /var/spool/.hoststat ]
|
||||
then
|
||||
echo '$daily_clean_hoststat_enable is enabled but' \
|
||||
"/var/spool/.hoststat doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Removing stale files from /var/spool/.hoststat:"
|
||||
|
||||
@ -27,8 +36,18 @@ case "$daily_clean_hoststat_enable" in
|
||||
print=;;
|
||||
esac
|
||||
|
||||
cd /var/hoststat &&
|
||||
find . ! -name . -mtime +$daily_clean_hoststat_days \
|
||||
-delete $print
|
||||
if cd /var/hoststat
|
||||
then
|
||||
rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \
|
||||
-delete $print | tee /dev/stderr | wc -l)
|
||||
[ -z "$print" ] && rc=0
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
else
|
||||
rc=3
|
||||
fi
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
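Review bot: The new guard tests and reports on `/var/spool/.hoststat`, but the cleanup in the second hunk still does `cd /var/hoststat` before running `find . ... -delete`. Where only the first directory exists the script passes the configuration check and then exits 3 without cleaning anything; where both exist it deletes from a directory it never checked. The test, the message and the `cd` should all use one path, ideally a single variable set once at the top of the branch, so that the directory being validated is the directory `find -delete` runs in.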
@ -13,47 +13,65 @@ fi
|
||||
|
||||
case "$daily_backup_passwd_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /etc/master.passwd -o -f /etc/group ]
|
||||
if [ ! -f /etc/master.passwd ]
|
||||
then
|
||||
echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
elif [ ! -f /etc/group ]
|
||||
then
|
||||
echo '$daily_backup_passwd_enable" is set but /etc/group' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
bak=/var/backups
|
||||
rc=0
|
||||
|
||||
echo ""
|
||||
echo "Backup passwd and group files:"
|
||||
|
||||
if [ ! -f $bak/master.passwd.bak ]
|
||||
then
|
||||
rc=1
|
||||
echo "no $bak/master.passwd.bak"
|
||||
cp -p /etc/master.passwd $bak/master.passwd.bak
|
||||
cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
|
||||
fi
|
||||
|
||||
if ! cmp -s $bak/master.passwd.bak /etc/master.passwd
|
||||
then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
echo "$host passwd diffs:"
|
||||
diff $bak/master.passwd.bak /etc/master.passwd |\
|
||||
sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
|
||||
mv $bak/master.passwd.bak $bak/master.passwd.bak2
|
||||
cp -p /etc/master.passwd $bak/master.passwd.bak
|
||||
cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
|
||||
fi
|
||||
|
||||
if [ ! -f $bak/group.bak ]
|
||||
then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
echo "no $bak/group.bak"
|
||||
cp -p /etc/group $bak/group.bak
|
||||
cp -p /etc/group $bak/group.bak || rc=3
|
||||
fi
|
||||
|
||||
if ! cmp -s $bak/group.bak /etc/group
|
||||
then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
echo "$host group diffs:"
|
||||
diff $bak/group.bak /etc/group
|
||||
mv $bak/group.bak $bak/group.bak2
|
||||
cp -p /etc/group $bak/group.bak
|
||||
cp -p /etc/group $bak/group.bak || rc=3
|
||||
fi
|
||||
|
||||
if [ -f /etc/group ]
|
||||
then
|
||||
echo ""
|
||||
echo "Verifying group file syntax:"
|
||||
chkgrp /etc/group
|
||||
chkgrp /etc/group || rc=3
|
||||
fi
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
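Review bot: Both new bad-config messages carry a stray double quote inside the single-quoted string, as in `'$daily_backup_passwd_enable" is set but /etc/master.passwd'`, so the report prints `$daily_backup_passwd_enable"`; the `"` should be dropped in both. The `cp -p` calls now set `rc=3` on failure, but the rotations before them, `mv $bak/master.passwd.bak $bak/master.passwd.bak2` and `mv $bak/group.bak $bak/group.bak2`, are still unchecked, so a failed rotation of the previous copy goes unreported; adding `|| rc=3` to those lines would be consistent. The later `if [ -f /etc/group ]` test is now always true, because this branch is only reached when the `elif [ ! -f /etc/group ]` above did not match.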
@ -13,9 +13,14 @@ fi
|
||||
|
||||
case "$daily_backup_aliases_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /etc/mail/aliases ]
|
||||
if [ ! -f /etc/mail/aliases ]
|
||||
then
|
||||
echo '$daily_backup_aliases_enable is enabled but' \
|
||||
"/etc/mail/aliases doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
bak=/var/backups
|
||||
rc=0
|
||||
|
||||
echo ""
|
||||
echo "Backing up mail aliases:"
|
||||
@ -23,15 +28,20 @@ case "$daily_backup_aliases_enable" in
|
||||
if [ ! -f $bak/aliases.bak ]
|
||||
then
|
||||
echo "no $bak/aliases.bak"
|
||||
cp -p /etc/mail/aliases $bak/aliases.bak
|
||||
cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
|
||||
fi
|
||||
|
||||
if ! cmp -s $bak/aliases.bak /etc/mail/aliases
|
||||
then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
echo "$host aliases diffs:"
|
||||
diff -u $bak/aliases.bak /etc/mail/aliases
|
||||
mv $bak/aliases.bak $bak/aliases.bak2
|
||||
cp -p /etc/mail/aliases $bak/aliases.bak
|
||||
cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
|
||||
fi
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
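Review bot: The first-run branch in the second hunk, `if [ ! -f $bak/aliases.bak ]`, prints `no $bak/aliases.bak` but leaves `rc` at 0, whereas the equivalent branch in the passwd backup script sets `rc=1` when it prints the same kind of message. With `daily_show_success` set to NO that line would presumably be masked as ordinary success output. Adding `[ $rc -lt 1 ] && rc=1` before the `echo` would make the two scripts agree.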
@ -13,17 +13,27 @@ fi
|
||||
|
||||
case "$daily_backup_distfile_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /etc/Distfile ]
|
||||
if [ ! -f /etc/Distfile ]
|
||||
then
|
||||
echo '$daily_backup_distfile_enable is set but /etc/Distfile' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
bak=/var/backups
|
||||
rc=0
|
||||
|
||||
echo ""
|
||||
echo "Backing up /etc/Distfile:"
|
||||
|
||||
if ! cmp -s $bak/Distfile.bak /etc/Distfile
|
||||
then
|
||||
rc=1
|
||||
mv $bak/Distfile.bak $bak/Distfile.bak2
|
||||
cp /etc/Distfile $bak/Distfile.bak
|
||||
cp /etc/Distfile $bak/Distfile.bak || rc=3
|
||||
fi
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -18,11 +18,12 @@ fi
|
||||
|
||||
case "$daily_calendar_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /usr/bin/calendar ]
|
||||
then
|
||||
echo ""
|
||||
echo "Running calendar:"
|
||||
echo ""
|
||||
echo "Running calendar:"
|
||||
|
||||
calendar -a
|
||||
fi;;
|
||||
calendar -a && rc=0 || rc=3;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -13,26 +13,35 @@ fi
|
||||
|
||||
case "$daily_accounting_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /var/account/acct ]
|
||||
if [ ! -f /var/account/acct ]
|
||||
then
|
||||
echo '$daily_accounting_enable is set but /var/account/acct' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Rotating accounting logs and gathering statistics:"
|
||||
|
||||
cd /var/account
|
||||
rc=0
|
||||
|
||||
rm -f acct.3.gz acct.3
|
||||
[ -f acct.2.gz ] && mv -f acct.2.gz acct.3.gz
|
||||
[ -f acct.2 ] && mv -f acct.2 acct.3
|
||||
[ -f acct.1.gz ] && mv -f acct.1.gz acct.2.gz
|
||||
[ -f acct.1 ] && mv -f acct.1 acct.2
|
||||
[ -f acct.0.gz ] && mv -f acct.0.gz acct.1.gz
|
||||
[ -f acct.0 ] && mv -f acct.0 acct.1
|
||||
cp -pf acct acct.0
|
||||
sa -s >/dev/null
|
||||
rm -f acct.3.gz acct.3 || rc=3
|
||||
[ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; }
|
||||
[ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; }
|
||||
[ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; }
|
||||
[ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; }
|
||||
[ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; }
|
||||
[ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; }
|
||||
cp -pf acct acct.0 || rc=3
|
||||
sa -s >/dev/null || rc=3
|
||||
|
||||
case "$daily_accounting_compress" in
|
||||
[Yy][Ee][Ss])
|
||||
gzip -f acct.0;;
|
||||
gzip -f acct.0 || rc=3;;
|
||||
esac
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
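Review bot: `cd /var/account` is the one step in this branch whose failure is not checked, and everything after it (`rm -f`, `mv -f`, `cp -pf`, `gzip -f`) operates on relative names as root. The cleanup scripts in this commit were changed to the `if cd ...; then ...; else rc=3; fi` shape, and the same shape here would keep the rotation from running in whatever directory periodic happened to be started in. The preceding `-f /var/account/acct` test makes a failure unlikely, but the guard is cheap: `if cd /var/account; then` around the rotation with `else rc=3`.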
@ -13,11 +13,19 @@ fi
|
||||
|
||||
case "$daily_distfile_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /etc/Distfile ]
|
||||
if [ ! -f /etc/Distfile ]
|
||||
then
|
||||
echo '$daily_distfile_enable is set but /etc/Distfile' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Running rdist with /etc/Distfile:"
|
||||
|
||||
rdist -f /etc/Distfile
|
||||
rdist -f /etc/Distfile && rc=0 || rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -16,11 +16,19 @@ fi
|
||||
|
||||
case "$daily_news_expire_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /etc/news.expire ]
|
||||
if [ ! -f /etc/news.expire ]
|
||||
then
|
||||
echo '$daily_news_expire_enable is set but /etc/news.expire' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Running news.expire:"
|
||||
|
||||
/etc/news.expire
|
||||
/etc/news.expire && rc=0 || rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -16,11 +16,24 @@ fi
|
||||
|
||||
case "$daily_uuclean_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ]
|
||||
if [ ! -d /var/spool/uucp ]
|
||||
then
|
||||
echo '$daily_uuclean_enable is set, but /var/spool/uucp' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
elif [ ! -f /etc/uuclean.daily ]
|
||||
then
|
||||
echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Cleaning up UUCP:"
|
||||
|
||||
echo /etc/uuclean.daily | su -m uucp
|
||||
echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -16,10 +16,14 @@ case "$daily_status_disks_enable" in
|
||||
echo ""
|
||||
echo "Disk status:"
|
||||
|
||||
df $daily_status_disks_df_flags
|
||||
df $daily_status_disks_df_flags && rc=0 || rc=3
|
||||
|
||||
# display which filesystems need backing up
|
||||
|
||||
echo ""
|
||||
dump W;;
|
||||
dump W || rc=3;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -13,11 +13,24 @@ fi
|
||||
|
||||
case "$daily_status_uucp_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -d /var/spool/uucp -a -x /usr/bin/uustat ]
|
||||
if [ ! -d /var/spool/uucp ]
|
||||
then
|
||||
echo '$daily_status_uucp_enable is set but /var/spool/uucp' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
elif [ ! -x /usr/bin/uustat ]
|
||||
then
|
||||
echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \
|
||||
"isn't executable"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "UUCP status:"
|
||||
|
||||
uustat -a
|
||||
uustat -a && rc=0 || rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -13,16 +13,17 @@ fi
|
||||
|
||||
case "$daily_status_network_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -x /usr/bin/netstat ]
|
||||
then
|
||||
echo ""
|
||||
echo "Network interface status:"
|
||||
echo ""
|
||||
echo "Network interface status:"
|
||||
|
||||
case "$daily_status_network_usedns" in
|
||||
[Yy][Ee][Ss])
|
||||
netstat -i;;
|
||||
*)
|
||||
netstat -in;;
|
||||
esac
|
||||
fi;;
|
||||
case "$daily_status_network_usedns" in
|
||||
[Yy][Ee][Ss])
|
||||
netstat -i && rc=0 || rc=3;;
|
||||
*)
|
||||
netstat -in && rc=0 || rc=3;;
|
||||
esac;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -14,14 +14,25 @@ fi
|
||||
case "$daily_status_rwho_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
rwho=$(echo /var/rwho/*)
|
||||
if [ -x /usr/bin/rwho -a -f "${rwho%% *}" ]
|
||||
if [ -f "${rwho%% *}" ]
|
||||
then
|
||||
echo ""
|
||||
echo "Local network system status:"
|
||||
ruptime
|
||||
prog=ruptime
|
||||
else
|
||||
echo ""
|
||||
echo "Local system status:"
|
||||
uptime
|
||||
prog=uptime
|
||||
fi
|
||||
rc=$($prog | tee /dev/stderr | wc -l)
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
else
|
||||
rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
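Review bot: `if [ $? -eq 0 ]` after `rc=$($prog | tee /dev/stderr | wc -l)` tests the exit status of the last pipeline stage, `wc -l`, not of `ruptime` or `uptime`, so the `rc=3` branch is effectively unreachable. The same `... | tee /dev/stderr | wc -l` capture is used in the find-based cleanup hunks, the noid and pkg_version checks, the mail-rejects check and the monthly `ac` report in this commit, where a failing producer likewise ends up as 0 or 1. If a failed producer is meant to be reported as 3, its status has to be carried out separately, for instance by writing its output to a temporary file, checking the status, and then printing and counting the file.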
@ -13,21 +13,35 @@ fi
|
||||
|
||||
case "$daily_status_mailq_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ]
|
||||
if [ ! -x /usr/bin/mailq ]
|
||||
then
|
||||
echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \
|
||||
"isn't executable"
|
||||
rc=2
|
||||
elif [ ! -d /var/spool/mqueue ]
|
||||
then
|
||||
echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Mail in local queue:"
|
||||
|
||||
case "$daily_status_mailq_shorten" in
|
||||
rc=$(case "$daily_status_mailq_shorten" in
|
||||
[Yy][Ee][Ss])
|
||||
mailq |
|
||||
rc=$(mailq |
|
||||
perl -ne 'print if /^\s+\S+@/' |
|
||||
sort |
|
||||
uniq -c |
|
||||
sort -nr |
|
||||
awk '$1 > 1 {print $1, $2}';;
|
||||
awk '$1 > 1 {print $1, $2}');;
|
||||
*)
|
||||
mailq;;
|
||||
esac
|
||||
esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l)
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
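Review bot: In the `[Yy][Ee][Ss])` arm the shortened pipeline is wrapped in a second capture, `rc=$(mailq | ... | awk '$1 > 1 {print $1, $2}')`, which stores its output in a variable inside the outer command substitution instead of writing it to stdout. Nothing from that arm reaches `tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l`, so with `daily_status_mailq_shorten` enabled the report section is empty and `rc` is always 0. The arm should be the plain pipeline again, starting `mailq |` and ending `awk '$1 > 1 {print $1, $2}';;`, with only the outer `rc=$(case ... esac | tee ...)` doing the capture.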
@ -13,30 +13,33 @@ fi
|
||||
|
||||
case "$daily_status_security_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -f /etc/security -a -x /usr/sbin/sendmail ]
|
||||
then
|
||||
echo ""
|
||||
echo "Security check:"
|
||||
echo ""
|
||||
echo "Security check:"
|
||||
|
||||
case "$daily_status_security_noamd" in
|
||||
[Yy][Ee][Ss])
|
||||
args=-a;;
|
||||
*)
|
||||
args=;;
|
||||
esac
|
||||
case "$daily_status_security_noamd" in
|
||||
[Yy][Ee][Ss])
|
||||
args=-a;;
|
||||
*)
|
||||
args=;;
|
||||
esac
|
||||
|
||||
case "$daily_status_security_nomfs" in
|
||||
[Yy][Ee][Ss])
|
||||
args="$args -m";;
|
||||
esac
|
||||
case "$daily_status_security_nomfs" in
|
||||
[Yy][Ee][Ss])
|
||||
args="$args -m";;
|
||||
esac
|
||||
|
||||
case "$daily_status_security_inline" in
|
||||
[Yy][Ee][Ss])
|
||||
sh /etc/security -s $args;;
|
||||
case "$daily_status_security_inline" in
|
||||
[Yy][Ee][Ss])
|
||||
sh /etc/security -s $args
|
||||
rc=$?;;
|
||||
|
||||
*)
|
||||
*)
|
||||
echo " (output mailed separately)"
|
||||
sh /etc/security $args 2>&1 | sendmail root;;
|
||||
esac
|
||||
fi;;
|
||||
sh /etc/security $args 2>&1 |
|
||||
sendmail root && rc=0 || rc=3;;
|
||||
esac;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
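Review bot: In the non-inline arm, `sh /etc/security $args 2>&1 | sendmail root && rc=0 || rc=3` takes the status of `sendmail`, so the `rc` that the `etc/security` hunks of this commit start tracking is discarded and the daily report shows success whenever the mail was accepted; only the inline arm keeps it through `rc=$?`. The recipient is also still hard-coded as `root` while the rest of the output now follows `$daily_output`; if that is deliberate, a comment on this line should say so. With the `-f /etc/security` guard removed, a missing script in this arm would, as far as the visible lines show, be reported only inside the mail to root.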
@ -13,15 +13,28 @@ fi
|
||||
|
||||
case "$daily_status_mail_rejects_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -d /etc/mail -a -f /var/log/maillog -a \
|
||||
"$daily_status_mail_rejects_logs" -gt 0 ]
|
||||
if [ ! -d /etc/mail ]
|
||||
then
|
||||
echo '$daily_status_mail_rejects_enable is set but /etc/mail' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
elif [ ! -f /var/log/maillog ]
|
||||
then
|
||||
echo '$daily_status_mail_rejects_enable is set but ' \
|
||||
"/var/log/maillog doesn't exist"
|
||||
rc=2
|
||||
elif [ "$daily_status_mail_rejects_logs" -le 0 ]
|
||||
then
|
||||
echo '$daily_status_mail_rejects_enable is set but ' \
|
||||
'$daily_status_mail_rejects_logs is not greater than zero'
|
||||
rc=2
|
||||
else
|
||||
echo
|
||||
echo Checking for rejected mail hosts:
|
||||
|
||||
start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'`
|
||||
n=$(($daily_status_mail_rejects_logs - 2))
|
||||
{
|
||||
rc=$({
|
||||
while [ $n -ge 0 ]
|
||||
do
|
||||
if [ -f /var/log/maillog.$n ]
|
||||
@ -37,6 +50,11 @@ case "$daily_status_mail_rejects_enable" in
|
||||
} |
|
||||
perl -ne "print \"\$2\n\"
|
||||
if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" |
|
||||
sort | uniq -c | sort -nr
|
||||
sort | uniq -c | sort -nr | tee /dev/stderr | wc -l)
|
||||
[ $rc -gt 0 ] && rc=1
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
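Review bot: `elif [ "$daily_status_mail_rejects_logs" -le 0 ]` is an integer comparison on a value that may be empty or non-numeric; in that case `[` reports an error and returns non-zero, so control falls through to the `else` branch and the check runs with `n=$(($daily_status_mail_rejects_logs - 2))` computed from the bad value. The old combined test, with `-gt 0` as its last operand, skipped the check in the same situation. Defaulting the operand, `[ "${daily_status_mail_rejects_logs:-0}" -le 0 ]`, restores that behaviour for the empty case and yields the intended bad-config message.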
@ -14,6 +14,7 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
rc=0
|
||||
for script in $daily_local
|
||||
do
|
||||
case "$script" in
|
||||
@ -23,7 +24,15 @@ do
|
||||
echo ""
|
||||
echo "Running $script:"
|
||||
|
||||
sh $script
|
||||
sh $script || rc=3
|
||||
else
|
||||
echo "$script: No such file"
|
||||
[ $rc -lt 2 ] && rc=2
|
||||
fi;;
|
||||
*)
|
||||
echo "$script: Not an absolute path"
|
||||
[ $rc -lt 2 ] && rc=2;;
|
||||
esac
|
||||
done
|
||||
|
||||
exit $rc
|
||||
|
@ -14,14 +14,20 @@ fi
|
||||
case "$monthly_accounting_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
W=/var/log/wtmp
|
||||
if [ -f $W.0 ]
|
||||
if [ ! -f $W.0 ]
|
||||
then
|
||||
if [ -x /usr/sbin/ac ]
|
||||
then
|
||||
echo ""
|
||||
echo "Doing login accounting:"
|
||||
echo '$monthly_accounting_enable is set but' \
|
||||
"$W.0 doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Doing login accounting:"
|
||||
|
||||
ac -p -w $W.0 | sort -nr +1
|
||||
fi
|
||||
rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l)
|
||||
[ $rc -gt 0 ] && rc=1
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -11,6 +11,7 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
rc=0
|
||||
for script in $monthly_local
|
||||
do
|
||||
case "$script" in
|
||||
@ -20,7 +21,15 @@ do
|
||||
echo ""
|
||||
echo "Running $script:"
|
||||
|
||||
sh $script
|
||||
sh $script || rc=3
|
||||
else
|
||||
echo "$script: No such file"
|
||||
[ $rc -lt 2 ] && rc=2
|
||||
fi;;
|
||||
*)
|
||||
echo "$script: Not an absolute path"
|
||||
[ $rc -lt 2 ] && rc=2;;
|
||||
esac
|
||||
done
|
||||
|
||||
exit $rc
|
||||
|
@ -12,8 +12,17 @@ fi
|
||||
|
||||
case "$weekly_clean_kvmdb_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -d /var/db -a -n "$weekly_clean_kvmdb_days" ]
|
||||
if [ ! -d /var/db ]
|
||||
then
|
||||
echo '$weekly_clean_kvmdb_enable is set but /var/db' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
elif [ -z "$weekly_clean_kvmdb_days" ]
|
||||
then
|
||||
echo '$weekly_clean_kvmdb_enable is set but' \
|
||||
'$weekly_clean_kvmdb_days is not'
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Cleaning up kernel database files:"
|
||||
|
||||
@ -27,7 +36,14 @@ case "$weekly_clean_kvmdb_enable" in
|
||||
print=;;
|
||||
esac
|
||||
|
||||
find /var/db -name "kvm_*.db" ! -name $kernel \
|
||||
-atime +$weekly_clean_kvmdb_days -delete $print
|
||||
rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \
|
||||
-atime +$weekly_clean_kvmdb_days -delete $print |
|
||||
tee /dev/stderr | wc -l)
|
||||
[ -z "$print" ] && rc=0
|
||||
[ $rc -gt 1 ] && rc=1
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -15,11 +15,24 @@ fi
|
||||
|
||||
case "$weekly_uucp_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ]
|
||||
if [ ! -d /var/spool/uucp ]
|
||||
then
|
||||
echo '$weekly_uucp_enable is set but /var/spool/uucp' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
elif [ ! -x /usr/libexec/uucp/clean.weekly ]
|
||||
then
|
||||
echo '$weekly_uucp_enable is set but' \
|
||||
"/usr/libexec/uucp/clean.weekly isn't executable"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Cleaning up UUCP:"
|
||||
|
||||
echo /usr/libexec/uucp/clean.weekly | su daemon
|
||||
echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -13,19 +13,20 @@ fi
|
||||
|
||||
case "$weekly_locate_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -x /usr/libexec/locate.updatedb -a -f $locdb ]
|
||||
then
|
||||
echo ""
|
||||
echo "Rebuilding locate database:"
|
||||
echo ""
|
||||
echo "Rebuilding locate database:"
|
||||
|
||||
locdb=/var/db/locate.database
|
||||
locdb=/var/db/locate.database
|
||||
|
||||
touch $locdb
|
||||
chown nobody $locdb
|
||||
chmod 644 $locdb
|
||||
touch $locdb && rc=0 || rc=3
|
||||
chown nobody $locdb || rc=3
|
||||
chmod 644 $locdb || rc=3
|
||||
|
||||
cd /
|
||||
echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody
|
||||
chmod 444 $locdb
|
||||
fi;;
|
||||
cd /
|
||||
echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3
|
||||
chmod 444 $locdb || rc=3;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -13,34 +13,39 @@ fi
|
||||
|
||||
case "$weekly_whatis_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ]
|
||||
echo ""
|
||||
echo "Rebuilding whatis database:"
|
||||
|
||||
MANPATH=`/usr/bin/manpath -q`
|
||||
if [ $? = 0 ]
|
||||
then
|
||||
echo ""
|
||||
echo "Rebuilding whatis database:"
|
||||
|
||||
MANPATH=`/usr/bin/manpath -q`
|
||||
if [ $? = 0 ]
|
||||
if [ -z "${MANPATH}" ]
|
||||
then
|
||||
if [ "x${MANPATH}" = "x" ]
|
||||
echo "manpath failed to find any manpage directories"
|
||||
rc=3
|
||||
else
|
||||
man_locales=`/usr/bin/manpath -qL`
|
||||
rc=0
|
||||
|
||||
# Build whatis(1) database(s) for original, non-localized
|
||||
# manpages.
|
||||
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
|
||||
|
||||
# Build whatis(1) database(s) for localized manpages.
|
||||
if [ X"${man_locales}" != X ]
|
||||
then
|
||||
echo "manpath failed to find any manpage directories"
|
||||
else
|
||||
man_locales=`/usr/bin/manpath -qL`
|
||||
|
||||
# Build whatis(1) database(s) for original, non-localized
|
||||
# manpages.
|
||||
/usr/libexec/makewhatis.local "${MANPATH}"
|
||||
|
||||
# Build whatis(1) database(s) for localized manpages.
|
||||
if [ X"${man_locales}" != X ]
|
||||
then
|
||||
for i in ${man_locales}
|
||||
do
|
||||
LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
|
||||
-L "${MANPATH}"
|
||||
done
|
||||
fi
|
||||
for i in ${man_locales}
|
||||
do
|
||||
LC_CTYPE=$i /usr/libexec/makewhatis.local -a \
|
||||
-L "${MANPATH}" || rc=3
|
||||
done
|
||||
fi
|
||||
fi
|
||||
else
|
||||
rc=3
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -13,34 +13,46 @@ fi
|
||||
|
||||
case "$weekly_catman_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
if [ -x /usr/libexec/catman.local -a -d /usr/share/man/cat1 -a \
|
||||
-x /usr/bin/manpath ]
|
||||
if [ ! -d /usr/share/man/cat1 ]
|
||||
then
|
||||
echo '$weekly_catman_enable is set but /usr/share/man/cat1' \
|
||||
"doesn't exist"
|
||||
rc=2
|
||||
else
|
||||
echo ""
|
||||
echo "Reformatting manual pages:"
|
||||
|
||||
MANPATH=`/usr/bin/manpath -q`
|
||||
if [ $? = 0 ]
|
||||
then
|
||||
if [ "x${MANPATH}" = "x" ]
|
||||
if [ -z "${MANPATH}" ]
|
||||
then
|
||||
echo "manpath failed to find any manpath directories"
|
||||
rc=3
|
||||
else
|
||||
man_locales=`/usr/bin/manpath -qL`
|
||||
rc=0
|
||||
|
||||
# Preformat original, non-localized manpages
|
||||
echo /usr/libexec/catman.local "$MANPATH" | su -fm man
|
||||
echo /usr/libexec/catman.local "$MANPATH" |
|
||||
su -fm man || rc=3
|
||||
|
||||
# Preformat localized manpages.
|
||||
if [ X"$man_locales" != X ]
|
||||
if [ -n "$man_locales" ]
|
||||
then
|
||||
for i in $man_locales
|
||||
do
|
||||
LC_CTYPE=$i echo /usr/libexec/catman.local -L \
|
||||
"$MANPATH" | su -fm man
|
||||
"$MANPATH" | su -fm man || rc=3
|
||||
done
|
||||
fi
|
||||
fi
|
||||
else
|
||||
rc=3
|
||||
fi
|
||||
fi;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
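Review bot: In the localized loop, `LC_CTYPE=$i echo /usr/libexec/catman.local -L "$MANPATH" | su -fm man || rc=3` applies the `LC_CTYPE` assignment to `echo` only; the `su` on the other side of the pipe, and therefore catman.local, does not receive it from this line. The commit touches the line to add `|| rc=3` but keeps that behaviour. Putting the setting into the command text that is piped to the shell, something like `echo env LC_CTYPE=$i /usr/libexec/catman.local -L "$MANPATH" | su -fm man || rc=3`, would set it for the program that needs it. The quotes around `$MANPATH` are consumed by `echo`, so the value reaches the `man` user's shell unquoted; a comment noting that the value comes from `manpath -q` and is assumed to be free of shell metacharacters would document the assumption.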
@ -16,6 +16,12 @@ case "$weekly_noid_enable" in
|
||||
echo ""
|
||||
echo "Check for files with an unknown user or group:"
|
||||
|
||||
find -H ${weekly_noid_dirs:-/} -fstype local \
|
||||
\( -nogroup -o -nouser \) -print | sed 's/^/ /';;
|
||||
rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \
|
||||
\( -nogroup -o -nouser \) -print | sed 's/^/ /' |
|
||||
tee /dev/stderr | wc -l)
|
||||
[ $rc -gt 1 ] && rc=1;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -16,5 +16,13 @@ case "$weekly_status_pkg_enable" in
|
||||
echo ""
|
||||
echo "Check for out of date packages:"
|
||||
|
||||
pkg_version -v | sed -n 's/^\([^ ]*\) *< */ \1 /p';;
|
||||
rc=$(pkg_version -v |
|
||||
sed -n 's/^\([^ ]*\) *< */ \1 /p' |
|
||||
tee /dev/stderr |
|
||||
wc -l)
|
||||
[ $rc -gt 1 ] && rc=1;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
|
||||
exit $rc
|
||||
|
@ -11,6 +11,7 @@ then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
rc=0
|
||||
for script in $weekly_local
|
||||
do
|
||||
case "$script" in
|
||||
@ -20,7 +21,15 @@ do
|
||||
echo ""
|
||||
echo "Running $script:"
|
||||
|
||||
sh $script
|
||||
sh $script || rc=3
|
||||
else
|
||||
echo "$script: No such file"
|
||||
[ $rc -lt 2 ] && rc=2
|
||||
fi;;
|
||||
*)
|
||||
echo "$script: Not an absolute path"
|
||||
[ $rc -lt 2 ] && rc=2;;
|
||||
esac
|
||||
done
|
||||
|
||||
exit $rc
|
||||
|
63
etc/security
63
etc/security
@ -5,12 +5,21 @@
|
||||
#
|
||||
PATH=/sbin:/bin:/usr/bin
|
||||
LC_ALL=C; export LC_ALL
|
||||
rc=0
|
||||
LOG=/var/log
|
||||
TMP=/var/run/_secure.$$
|
||||
|
||||
separator () {
|
||||
echo ''
|
||||
echo ''
|
||||
}
|
||||
|
||||
catmsgs() {
|
||||
[ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz
|
||||
[ -f $LOG/messages.0 ] && cat $LOG/messages.0
|
||||
[ -f $LOG/messages ] && cat $LOG/messages
|
||||
}
|
||||
|
||||
sflag=FALSE ignore=
|
||||
while getopts ams c
|
||||
do
|
||||
@ -26,9 +35,6 @@ yesterday=`date -v-1d "+%b %e "`
|
||||
host=`hostname`
|
||||
[ $sflag = FALSE ] && echo "Subject: ${host} security check output"
|
||||
|
||||
LOG=/var/log
|
||||
TMP=/var/run/_secure.$$
|
||||
|
||||
umask 027
|
||||
|
||||
echo "checking setuid files and devices:"
|
||||
@ -48,17 +54,19 @@ while [ $# -ge 1 ]; do
|
||||
done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP}
|
||||
|
||||
if [ ! -f ${LOG}/setuid.today ]; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "no ${LOG}/setuid.today"
|
||||
cp ${TMP} ${LOG}/setuid.today
|
||||
cp ${TMP} ${LOG}/setuid.today || rc=3
|
||||
fi
|
||||
|
||||
if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "${host} setuid diffs:"
|
||||
diff -w ${LOG}/setuid.today ${TMP}
|
||||
mv ${LOG}/setuid.today ${LOG}/setuid.yesterday
|
||||
mv ${TMP} ${LOG}/setuid.today
|
||||
mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3
|
||||
mv ${TMP} ${LOG}/setuid.today || rc=3
|
||||
fi
|
||||
|
||||
# Show changes in the way filesystems are mounted
|
||||
@ -66,42 +74,52 @@ fi
|
||||
[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
|
||||
if mount -p | $cmd > $TMP; then
|
||||
if [ ! -f $LOG/mount.today ]; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "no $LOG/mount.today"
|
||||
cp $TMP $LOG/mount.today
|
||||
cp $TMP $LOG/mount.today || rc=3
|
||||
fi
|
||||
if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "$host changes in mounted filesystems:"
|
||||
diff -b $LOG/mount.today $TMP
|
||||
mv $LOG/mount.today $LOG/mount.yesterday
|
||||
mv $TMP $LOG/mount.today
|
||||
mv $LOG/mount.today $LOG/mount.yesterday || rc=3
|
||||
mv $TMP $LOG/mount.today || rc=3
|
||||
fi
|
||||
fi
|
||||
|
||||
separator
|
||||
echo "checking for uids of 0:"
|
||||
awk -F: '$3==0 {print $1,$3}' /etc/master.passwd
|
||||
n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd |
|
||||
tee /dev/stderr |
|
||||
sed -e '/^root 0$/d' -e '/^toor 0$/d' |
|
||||
wc -l)
|
||||
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
|
||||
|
||||
separator
|
||||
echo "checking for passwordless accounts:"
|
||||
awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd
|
||||
n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
|
||||
tee /dev/stderr | wc -l)
|
||||
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
|
||||
|
||||
# Show denied packets
|
||||
#
|
||||
if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
|
||||
if [ ! -f ${LOG}/ipfw.today ]; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "no ${LOG}/ipfw.today"
|
||||
cp ${TMP} ${LOG}/ipfw.today
|
||||
cp ${TMP} ${LOG}/ipfw.today || rc=3
|
||||
fi
|
||||
|
||||
if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "${host} denied packets:"
|
||||
diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>"
|
||||
mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday
|
||||
mv ${TMP} ${LOG}/ipfw.today
|
||||
mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3
|
||||
mv ${TMP} ${LOG}/ipfw.today || rc=3
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -112,6 +130,7 @@ if [ $? -eq 0 -a "${IPFW_LOG_LIMIT}" -ne 0 ]; then
|
||||
ipfw -a l | grep " log " | perl -n -e \
|
||||
'/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP}
|
||||
if [ -s "${TMP}" ]; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "ipfw log limit reached:"
|
||||
cat ${TMP}
|
||||
@ -122,17 +141,19 @@ fi
|
||||
#
|
||||
if dmesg 2>/dev/null > ${TMP}; then
|
||||
if [ ! -f ${LOG}/dmesg.today ]; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "no ${LOG}/dmesg.today"
|
||||
cp ${TMP} ${LOG}/dmesg.today
|
||||
cp ${TMP} ${LOG}/dmesg.today || rc=3
|
||||
fi
|
||||
|
||||
if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then
|
||||
[ $rc -lt 1 ] && rc=1
|
||||
separator
|
||||
echo "${host} kernel log messages:"
|
||||
diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>"
|
||||
mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday
|
||||
mv ${TMP} ${LOG}/dmesg.today
|
||||
mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3
|
||||
mv ${TMP} ${LOG}/dmesg.today || rc=3
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -140,12 +161,16 @@ fi
|
||||
#
|
||||
separator
|
||||
echo "${host} login failures:"
|
||||
zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure"
|
||||
n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l)
|
||||
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
|
||||
|
||||
# Show tcp_wrapper warning messages
|
||||
#
|
||||
separator
|
||||
echo "${host} refused connections:"
|
||||
zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect"
|
||||
n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l)
|
||||
[ $n -gt 0 -a $rc -lt 1 ] && rc=1
|
||||
|
||||
rm -f ${TMP}
|
||||
|
||||
exit $rc
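Review bot: Every finding in this file (setuid diffs, extra uid 0 accounts, passwordless accounts, login failures) is reported as rc=1, the level periodic(8) hides when `daily_show_info` is NO, and the man page in this commit suggests that setting for quieter output. If the script that invokes /etc/security passes this status up (that caller is not visible here), an unexpected uid 0 or passwordless account would be dropped along with routine notices. For those two account checks I would use the unmaskable level, `[ $n -gt 0 ] && rc=3`, or at least document the mapping in a comment next to `rc=0`. The findings are also written through `tee /dev/stderr`, so they reach the report only if the caller merges stderr into stdout. `TMP=/var/run/_secure.$$` is still a predictable name; `TMP=$(mktemp /var/run/_secure.XXXXXX) || exit 3` would be safer if that directory is ever writable by non-root users.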
|
||||
|
@ -48,13 +48,84 @@ file.
|
||||
is actually sourced as a shell script from each of the periodic scripts
|
||||
and is intended to simply provide default configuration variables.
|
||||
.Pp
|
||||
The following list provides a name and short description for each
|
||||
variable you can set in the
|
||||
.Nm
|
||||
file.
|
||||
The following variables are used by
|
||||
.Xr periodic 8
|
||||
itself:
|
||||
.Bl -tag -offset 4n -width 2n
|
||||
.It Ar local_periodic
|
||||
(str) List of directories to search for periodic scripts.
|
||||
This list is always prefixed with
|
||||
.Pa /etc/periodic ,
|
||||
and is only used when an argument to
|
||||
.Xr periodic 8
|
||||
is not an absolute directory name.
|
||||
.It Ar dir Ns No _output
|
||||
(path or list) What to do with the output of the scripts envoked from
|
||||
the directory
|
||||
.Ar dir .
|
||||
If this variable is set to an absolute path name, output is logged to
|
||||
that file, otherwise it is taken as one or more space seperated email
|
||||
addresses and mailed to those users.
|
||||
If this variable is not set, it defaults to
|
||||
.Dq root .
|
||||
.Pp
|
||||
For an unattended machine, suitable values for
|
||||
.Ar $daily_output ,
|
||||
.Ar $weekly_output ,
|
||||
and
|
||||
.Ar $monthly_output
|
||||
might be
|
||||
.Dq /var/log/daily.log ,
|
||||
.Dq /var/log/weekly.log ,
|
||||
and
|
||||
.Dq /var/log/monthly.log
|
||||
respectively, as
|
||||
.Xr newsyslog 8
|
||||
will rotate these files (if they exists) at the appropriate times.
|
||||
.It Ar dir Ns No _show_success
|
||||
.It Ar dir Ns No _show_info
|
||||
.It Ar dir Ns No _show_badconfig
|
||||
(bool) These variables control whether
|
||||
.Xr periodic 8
|
||||
will mask the output of the envoked scripts based on their return code
|
||||
(where
|
||||
.Ar dir
|
||||
is the base directory name in which each script resides).
|
||||
If the return code of a script is
|
||||
.Sq 0
|
||||
and
|
||||
.Ar dir Ns No _show_success is set to
|
||||
.Dq NO ,
|
||||
.Xr periodic 8
|
||||
will mask the script's output.
|
||||
If the return code of a script is
|
||||
.Sq 1
|
||||
and
|
||||
.Ar dir Ns No _show_info is set to
|
||||
.Dq NO ,
|
||||
.Xr periodic 8
|
||||
will mask the script's output.
|
||||
If the return code of a script is
|
||||
.Sq 2
|
||||
and
|
||||
.Ar dir Ns No _show_badconfig is set to
|
||||
.Dq NO ,
|
||||
.Xr periodic 8
|
||||
will mask the script's output.
|
||||
If these variables are set to neither
|
||||
.Dq YES
|
||||
nor
|
||||
.Dq NO ,
|
||||
the default to
|
||||
.Dq YES ,
|
||||
.Dq YES
|
||||
and
|
||||
.Dq NO
|
||||
respectively.
|
||||
.Pp
|
||||
Refer to the
|
||||
.Xr periodic 8
|
||||
man page for how script return codes are interpreted.
|
||||
.El
|
||||
.B Daily variables
|
||||
.Pp
|
||||
@ -433,11 +504,12 @@ is shared or distributed.
|
||||
.Xr chkgrp 8 ,
|
||||
.Xr dump 8 ,
|
||||
.Xr mfs 8 .
|
||||
.Xr newsyslog 8 .
|
||||
.Xr periodic 8 .
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
file appeared in
|
||||
.Fx 5.0 .
|
||||
.Fx 4.1 .
|
||||
.Sh AUTHORS
|
||||
.An Brian Somers Aq brian@Awfulhak.org .
|
||||
|
@ -33,17 +33,14 @@
|
||||
run periodic system functions
|
||||
.Sh SYNOPSIS
|
||||
.Nm periodic
|
||||
.Ao
|
||||
.Cm daily | weekly | monthly |
|
||||
.Ar path Op path ...
|
||||
.Ac
|
||||
.Ar directory Ns No ...
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Nm
|
||||
program is intended to be called by cron(8) to execute shell scripts
|
||||
located in the specified directory.
|
||||
.Pp
|
||||
One, and only one, of the following arguments should be specified:
|
||||
One or more of the following arguments must be specified:
|
||||
.Bl -tag -width Fl
|
||||
.It Cm daily
|
||||
Perform the standard daily periodic executable run.
|
||||
@ -55,14 +52,89 @@ This usually occurs on Sunday mornings.
|
||||
Perform the standard monthly periodic executable run.
|
||||
This usually occurs on the first day of the month.
|
||||
.It Ar path
|
||||
An absolute path to a directory containing a set of executables to be run.
|
||||
An arbitrary directory containing a set of executables to be run.
|
||||
.El
|
||||
.Pp
|
||||
If an argument is an absolute directory name it is used as is, otherwise
|
||||
it is searched for under
|
||||
.Pa /etc/periodic
|
||||
and any other directories specified by the
|
||||
.Va local_periodic
|
||||
setting in
|
||||
.Xr periodic.conf 5
|
||||
(see below).
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
program will run each executable file in the directory or directories
|
||||
specified. If a file does not have the executable bit set, it will be
|
||||
ignored silently.
|
||||
specified.
|
||||
If a file does not have the executable bit set, it is silently ignored.
|
||||
.Pp
|
||||
Each script is required to exit with one of the following values:
|
||||
.Bl -tag -width XXXX
|
||||
.It 0
|
||||
The script has produced nothing notable in it's output.
|
||||
The
|
||||
.Va <basedir>_show_success
|
||||
variable controls the masking of this output.
|
||||
.It 1
|
||||
The script has produced some notable information in it's output.
|
||||
The
|
||||
.Va <basedir>_show_info
|
||||
variable controls the masking of this output.
|
||||
.It 2
|
||||
The script has produced some warnings due to invalid configuration settings.
|
||||
The
|
||||
.Va <basedir>_show_badconfig
|
||||
variable controls the masking of this output.
|
||||
.It >2
|
||||
The script has produced output that must not be masked.
|
||||
.El
|
||||
.Pp
|
||||
If the relevant variable (where
|
||||
.Ar <basedir>
|
||||
is the base directory in which the script resides) is set to
|
||||
.Dq NO
|
||||
in
|
||||
.Pa periodic.conf ,
|
||||
.Nm
|
||||
will mask the script output.
|
||||
If the variable is not set to either
|
||||
.Dq YES
|
||||
or
|
||||
.Dq NO ,
|
||||
it will be given a default value as described in
|
||||
.Xr periodic.conf 5 .
|
||||
.Pp
|
||||
All remaining script output is delivered based on the value of the
|
||||
.Va <basedir>_output
|
||||
setting.
|
||||
.Pp
|
||||
If this is set to a path name (beginning with a
|
||||
.Dq /
|
||||
Character), output is simply logged to that file.
|
||||
.Xr newsyslog 8
|
||||
knows about the files
|
||||
.Pa /var/log/daily.log ,
|
||||
.Pa /var/log/weekly.log
|
||||
and
|
||||
.Pa /var/log/monthly.log ,
|
||||
and if they exist, it will rotate them at the appropriate times.
|
||||
These are therefore good values if you wish to log
|
||||
.Nm
|
||||
output.
|
||||
.Pp
|
||||
If the
|
||||
.Va <basedir>_output
|
||||
value does not begin with a
|
||||
.Dq / ,
|
||||
it is assumed to contain a list of email addresses, and the output is
|
||||
mailed to them.
|
||||
.Pp
|
||||
If
|
||||
.Va <basedir>_output
|
||||
is not set, it defaults to
|
||||
.Dq root .
|
||||
.Sh ENVIRONMENT
|
||||
The
|
||||
.Nm
|
||||
@ -89,13 +161,16 @@ subdirectories which contain standard system periodic executables.
|
||||
.It Pa /etc/defaults/periodic.conf
|
||||
The
|
||||
.Pa periodic.conf
|
||||
system registry contains a variable
|
||||
.Va local_periodic
|
||||
which may be configured to specify additional top level standard
|
||||
periodic directories, such as
|
||||
.Pa /usr/local/etc/periodic
|
||||
system registry contains variables that control the behaviour of
|
||||
.Nm
|
||||
and the standard
|
||||
.Pa daily ,
|
||||
.Pa weekly ,
|
||||
and
|
||||
.Pa /usr/X11R6/etc/periodic .
|
||||
.Pa monthly
|
||||
scripts.
|
||||
.It Pa /etc/periodic.conf
|
||||
This file contains local overrides for the default periodic configuration.
|
||||
.El
|
||||
.Sh EXAMPLES
|
||||
The system crontab should have entries for
|
||||
@ -103,22 +178,40 @@ The system crontab should have entries for
|
||||
similar to the following example:
|
||||
.Pp
|
||||
.Dl # do daily/weekly/monthly maintenance
|
||||
.Dl 0 2 * * * root periodic daily 2>&1
|
||||
.Dl 0 3 * * 6 root periodic weekly 2>&1
|
||||
.Dl 0 5 1 * * root periodic monthly 2>&1
|
||||
.Dl 0 2 * * * root periodic daily
|
||||
.Dl 0 3 * * 6 root periodic weekly
|
||||
.Dl 0 5 1 * * root periodic monthly
|
||||
.Pp
|
||||
Additionally, the
|
||||
The
|
||||
.Pa /etc/defaults/periodic.conf
|
||||
system registry will typically have a
|
||||
.Va local_periodic
|
||||
variable reading:
|
||||
.Pp
|
||||
.Dl local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic"
|
||||
.Pp
|
||||
To log
|
||||
.Nm
|
||||
output instead of receiving it as email, add the following lines to
|
||||
.Pa /etc/periodic.conf :
|
||||
.Pp
|
||||
.Dl daily_output=/var/log/daily.log
|
||||
.Dl weekly_output=/var/log/weekly.log
|
||||
.Dl monthly_output=/var/log/monthly.log
|
||||
.Pp
|
||||
To only see important information from daily periodic jobs, add the
|
||||
following lines to
|
||||
.Pa /etc/periodic.conf :
|
||||
.Pp
|
||||
.Dl daily_show_success=NO
|
||||
.Dl daily_show_info=NO
|
||||
.Dl daily_show_badconfig=NO
|
||||
.Sh SEE ALSO
|
||||
.Xr sh 1 ,
|
||||
.Xr crontab 5 ,
|
||||
.Xr periodic.conf 5 ,
|
||||
.Xr cron 8
|
||||
.Xr cron 8 ,
|
||||
.Xr newsyslog 8
|
||||
.Rs
|
||||
.Sh DIAGNOSTICS
|
||||
Exit status is 0 on success and 1 if the command
|
||||
@ -138,3 +231,4 @@ program first appeared in
|
||||
.Fx 3.0 .
|
||||
.Sh AUTHORS
|
||||
.An Paul Traina Aq pst@FreeBSD.org
|
||||
.An Brian Somers Aq brian@Awfulhak.org
|
||||
|
@ -25,43 +25,65 @@ if [ -r /etc/defaults/periodic.conf ]; then
|
||||
source_periodic_confs
|
||||
fi
|
||||
|
||||
dir=$1
|
||||
run=`basename $dir`
|
||||
dirlist=
|
||||
|
||||
# If a full path was not specified, check the standard cron areas
|
||||
|
||||
if [ "$dir" = "$run" ] ; then
|
||||
dirlist=""
|
||||
for top in /etc/periodic ${local_periodic} ; do
|
||||
if [ -d $top/$dir ] ; then
|
||||
dirlist="${dirlist} $top/$dir"
|
||||
fi
|
||||
done
|
||||
|
||||
# User wants us to run stuff in a particular directory
|
||||
else
|
||||
for dir in $* ; do
|
||||
if [ ! -d $dir ] ; then
|
||||
echo "$0: $dir not found" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
dirlist="$*"
|
||||
fi
|
||||
for dir
|
||||
do
|
||||
case "$dir" in
|
||||
/*)
|
||||
if [ -d "$dir" ]
|
||||
then
|
||||
dirlist="$dirlist $dir"
|
||||
else
|
||||
echo "$0: $dir not found" >&2
|
||||
fi;;
|
||||
*)
|
||||
for top in /etc/periodic ${local_periodic}
|
||||
do
|
||||
[ -d $top/$dir ] && dirlist="$dirlist $top/$dir"
|
||||
done;;
|
||||
esac
|
||||
done
|
||||
|
||||
host=`hostname`
|
||||
export host
|
||||
echo "Subject: $host $run run output"
|
||||
tmp_output=/var/run/periodic.$$
|
||||
|
||||
# Execute each executable file in the directory list. If the x bit is not
|
||||
# set, assume the user didn't really want us to muck with it (it's a
|
||||
# README file or has been disabled).
|
||||
|
||||
for dir in $dirlist ; do
|
||||
for file in $dir/* ; do
|
||||
if [ -x $file -a ! -d $file ] ; then
|
||||
$file
|
||||
fi
|
||||
for dir in $dirlist
|
||||
do
|
||||
eval output=\$${dir##*/}_output
|
||||
case "$output" in
|
||||
/*) pipe="cat >>$output";;
|
||||
*) pipe="mail -s '$host ${dir##*/} run output' ${output:-root}";;
|
||||
esac
|
||||
|
||||
success=YES info=YES badconfig=NO # Defaults when ${run}_* aren't YES/NO
|
||||
for var in success info badconfig
|
||||
do
|
||||
case $(eval echo "\$${dir##*/}_show_$var") in
|
||||
[Yy][Ee][Ss]) eval $var=YES;;
|
||||
[Nn][Oo]) eval $var=NO;;
|
||||
esac
|
||||
done
|
||||
|
||||
for file in $dir/*
|
||||
do
|
||||
if [ -x $file -a ! -d $file ]
|
||||
then
|
||||
$file </dev/null >$tmp_output 2>&1
|
||||
case $? in
|
||||
0) [ $success = YES ] && cat $tmp_output;;
|
||||
1) [ $info = YES ] && cat $tmp_output;;
|
||||
2) [ $badconfig = YES ] && cat $tmp_output;;
|
||||
*) cat $tmp_output;;
|
||||
esac
|
||||
rm -f $tmp_output
|
||||
fi
|
||||
done | eval $pipe
|
||||
done
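Review bot: `eval output=\$${dir##*/}_output` and the later `eval echo "\$${dir##*/}_show_$var"` pass the directory's basename to `eval` unchecked, so an absolute-path argument whose last component is not a valid variable name (containing `-`, `.`, or a shell metacharacter) is expanded or executed as shell text instead of being looked up. A guard at the top of the `for dir in $dirlist` loop would confine it: `case "${dir##*/}" in *[!A-Za-z0-9_]*) echo "$0: $dir: unsupported directory name" >&2; continue;; esac`. `eval $pipe` likewise re-parses `$output` and `$host`, which is acceptable only because periodic.conf is root-owned and already sourced as shell; a comment saying so would help the next reader. `tmp_output=/var/run/periodic.$$` is a predictable temporary name, like `TMP` in etc/security, and `mktemp` would be the safer choice. The comment `# Defaults when ${run}_* aren't YES/NO` refers to `run`, which this change appears to remove.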
|
||||
|